Re: BCP38 - Internet Death Penalty

[John Curran <jcurran () arin net>]

On Mar 27, 2013, at 10:23 AM, Jay Ashworth <jra () baylink com> wrote:

> Indeed, but I have an even better example of how that's already done, that
> is probably pertinent.

> The National Electric Code is assimilated law now, I think, in every
> state in the US.  It is promulgated by the National Fire Protection 
> Association, which is a standards organization originally started by 
> insurors to reduce their exposure and expenses; by professional consensus,
> they have become, effectively, a lawmaking body.
>
> So they're not the government, they're subject-matter experts, technically
> competent to have opinions, and their opinions are assimilated into 
> controlling law.

Indeed... a perfect example of industry self-regulation supplemented by
a mandatory legal framework referencing the best practice documents.

> Is BCP38 *not* well enough though out even for large and medium sized 
> carriers to adopt as contractual language, ...

You're back to discussing voluntary mechanisms in the above, but 
your example is a case where compliance is due to legislation at 
both federal and state levels.

> much less for FCC or someone to
> impose upon them?  If so, we should work on it further.

Umm... How many North American ISP's/datacenters/web hosting firms were 
aware of the BCP 38 development as it was on-going, and participated in 
some manner in its review?  The IETF is a wonderful organization, but it
is not exactly overflowing with representation from the service provider 
community.  Also, given that you really need these practices picked up
on a global basis, repeat the above question with "Global" rather than
North American...  

If you actually want to see certain technical practices made mandatory
for Internet service providers globally, then you need a development 
process for those practices which fairly robust to insure that the 
practices are equally germane and reasonable to many different service 
providers in many different parts of the world.  It's actually relatively
easy to get governments to require compliance with accepted technical
practices for the Internet, the problem has been we've never taken the
effort to produce best practices with sufficient rigor than any given
government can know that it has the necessary backing (of many of the
service providers in its domain) needed to actually require compliance.

(With regard to the FCC, there is some question as to whether or not 
their mandate would allow establishing required practices for ISPs...
To the extent that VoIP traffic is being carried, this is far more 
likely to be possible, and hence folks should be aware of various
activities such as the CSRIC "Communications Security, Reliability 
and Interoperability Council", which develops recommendations that
could effectively become requirements on Internet Service Providers
in some contexts. 
<http://www.fcc.gov/encyclopedia/communications-security-reliability-and-interoperability-council-iii>
Noe that the problem with this sort of approach is that having dozens 
of countries all developing their own specific technical best practices 
is most likely to cumulatively interact in ways impossible to comply 
with...  Hence, the need for clear global technical best practices,
through which countries with a particular desire to "improve the
state of the Internet" can channel their legislative desires...)

FYI,
/John